Everyone can name at least one major brand that has experienced a highly public data breach. From Equifax to Facebook, Under Armour to Marriott International, these security incidents exposed consumers’ Personally Identifiable Information (PII) on an massive scale. The exposure to enterprises can leave a powerful sting, where many end up paying millions of dollars in fines for violating privacy regulations, or face potentially severe court rulings regarding restitution for consumers.
With today’s current news flow, you may think that cyber criminals only target major corporations. These companies collect, store, and/or pass along data on millions of individuals in the normal course of doing business — a hacker’s goldmine. And, they have the budget, resources, and expertise to implement robust cybersecurity programs to help identify and mitigate risks. This level of intel, combined with the infrastructure required to protect the business, is not typically within the means of today’s small, entrepreneurial companies. This hasn’t gone unnoticed by cyber criminals — while often not reported, small and home-based business data breaches happen daily.
A 2018 study by Keeper Security reported that 67 percent of Small and Medium-Sized Businesses (SMBs) experience cyber-attacks, but only 28 percent of those companies feel equipped to defend themselves. Cyber criminals understand that this reveals a vulnerability they can’t ignore, and their success rate for targeting small businesses continues to rise.
What’s the Appeal for Cyber Thieves?
Any organization that stores data on employees, customers, vendors, or partners is one that is highly attractive to fraudsters. The more successful your business becomes, the more data you’ll be held accountable for protecting.
Cyber criminals can leverage stolen PII to commit true or synthetic identity theft by opening financial accounts, obtaining medical treatment, applying for jobs, taking out lines of credit, or conducting any number of other malicious activities. The result is severe distress for whoever is targeted, often leading to customer attrition and distrust of the company responsible for the security incident, which can further damage your business’s reputation through negative word-of-mouth.
Consumers aren’t the only ones at risk. On the flip side, business identities can also be stolen. Cyber thieves are looking for business identifiers, including Employer Identification Numbers (EINs), Creditsafe Safe Numbers, D-U-N-S Numbers, and business credit card information. If this data is compromised, it can be catastrophic to the financial health and creditworthiness of a small business. Fraudsters can file taxes in the name of the business, rack up expenses, and disrupt operations by severely damaging credit and relationships with vendors and partners — none of which a small or home-based business can afford.
For many cyber criminals, the ultimate end game is packaging the stolen data and selling it for significant profits on the Dark Web. This can ultimately cause more damage for the victims, as that data remains exposed to any cyber thief shopping for stolen identities on the Dark Web, making them forever vulnerable to identity crimes.
How Your Small Business Can Take Control
The first step toward improving the cyber health of your business is awareness. Learn how to recognize the scams targeting your business, then educate your team and implement best practices to combat those threats. There are many cost-effective ways that you can implement to improve your cyber security beyond being mindful, including secure Internet connections, strong password standards, and mobile device protection.
Small business operators work at all hours of the day, wherever a Wi-Fi connection is available. Open or “unprotected” networks can be a feeding ground for hackers to monitor your activity, steal data, or install malware. Regardless of where you’re located when connecting to the Internet, be sure to only do so on a secure connection that requires a password. Set up your home office network with a secure and unique wireless password, preferably by using a password manager tool.
Speaking of passwords, 40 percent of SMBs have experienced a data breach as a result of an employee’s password being compromised. In the past year, the average cost of those breaches topped $380,000 each. Never write down passwords, store them in an Excel file, or share them with other team members. By using a password manager too, you’ll be able to ensure that your credentials are complex and can’t be easily guessed. A password manager will also help to keep your passwords unique so that the same one isn’t used across multiple sites or for both personal and business accounts.
Mobile devices have become a gateway to data breaches and cyberattacks. As many SMBs rely on employee-owned devices to keep business moving, fraudsters are increasingly targeting mobile devices to access otherwise protected networks. Employee error is responsible for 40 percent of data breaches, including clicking on a phishing email, being tricked by an impostor and handing over sensitive information, or having their cell phone “taken over” where secure company information can be accessed. Such mistakes can lead to compromised data, regardless of the size of your business. A mobile cyber security solution provides awareness and insights into threats from mobile devices connected to your network and can alert you to a security incident before it becomes devastating for both your employees and your company.
Remember, businesses of all sizes are susceptible to identity theft. Even if it’s no fault of your own, fraudsters won’t stop from using your business information against you and potentially crippling your organization. Consider investing in business identity theft protection, combined with mobile cybersecurity services and identity protection for employees, created especially for SMBs. Such a solution will ensure your sensitive business information is monitored 24/7 and will mitigate risks so a security incident doesn’t spell disaster. Additionally, when you extend identity protection to your employees, you’re helping them safeguard their financial well-being, while ensuring they have peace of mind and resolution support if they need it. An employee who experiences identity theft will take up to 6 months and 200 hours-worth of time to recover from an incident. That’s a disruption to their work, which hurts your business’ productivity and bottom line.
Take the time with these proactive steps to improve the data security of your business and reduce the risk of cyberattacks. Invest in measures that can protect the future of your business, your customers, and your employees.